Sunday, February 16, 2025
HomeData BreachWeb Hosting Company Domainfactory Hacked - Customers Sensitive Personal Data Leaked

Web Hosting Company Domainfactory Hacked – Customers Sensitive Personal Data Leaked

Published on

SIEM as a Service

Follow Us on Google News

Web hosting company Domainfactory owned support forum has been compromised and hackers leaked personal sensitive data by breaking the customer database.

A stranger who have shared internal data of several customers as a proof and confirmed the data belonged to Domainfactory.

Domainfactory is a German hosting company which is owned by GoDaddy since 2016 and this breach Officially confirmed On 6 July.

The organization initially learned of the episode on 3 July. As indicated by the data that is right now accessible, the information arrived in the hands of outer outsiders on 29 January 2018 through an information feed after a system transaction.

According to the company, On July 3, 2018, a person in the DomainFactory forum claimed access to DomainFactory customer data. We initiated a detailed investigation and found that customer data was accessed by an outside party without authorization. The access route is now secured. We contact all customers with the recommendation to update their DomainFactory passwords.

Domainfactory finally confirmed that, leaked customer data including the following sensitive data.

– Customer name 
– Company name 
– Customer number 
– Address 
– E-mail addresses – Phone 
number 
– DomainFactory Phone password 
– Date of birth
– Bank name and account number (eg IBAN or BIC) 
– Schufa score Please 

Journalist Fabian Scherschel also posted on Twitter, that he was also watching a Twitter thread “in which Lauter #Domainfactory customers ask a hacker about their data because DF does not respond to their requests” (all before Domainfactory’s disclosure).

https://twitter.com/fabsh/status/1015615555510964225

In our vital Customer Information discharge dated July 7, 2018, we have demonstrated that we as of now removal of all passwords as a prudent measure. As an outcome, we have gotten more request about which gets to ought to be changed precisely. Instructions for changing your passwords can be found here: https://www.df.eu/blog/pw/

– customer password 
– phone password 
– E-mail passwords 
– FTP / Live disk passwords 
– SSH passwords 
– MySQL database passwords 

Also company Said, We have notified the data protection authority and commissioned external experts with the investigation. The protection of the data of our customers is paramount and we regret the inconvenience this incident causes, very much.”

Also Read

How Much a Data Breach Could Cost for Enterprises and what are the Risks Involved

Key Elements and Important Steps to General Data Protection Regulation (GDPR)

Simple & Important Ways to Protect your Business from Cyber Attacks

How To Respond Cyber Incident In your Organization

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Fake BSOD Attack Launched via Malicious Python Script

A peculiar malicious Python script has surfaced, employing an unusual and amusing anti-analysis trick...

SocGholish Malware Dropped from Hacked Web Pages using Weaponized ZIP Files

A recent wave of cyberattacks leveraging the SocGholish malware framework has been observed using...

Lazarus Group Targets Developers Worldwide with New Malware Tactic

North Korea's Lazarus Group, a state-sponsored cybercriminal organization, has launched a sophisticated global campaign...

North Korean IT Workers Penetrate Global Firms to Install System Backdoors

In a concerning escalation of cyber threats, North Korean IT operatives have infiltrated global...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

Global IoT Data Leak Exposes 2.7 Billion Records and Wi-Fi Passwords Worldwide

A massive security lapse has exposed over 2.7 billion records, including sensitive Wi-Fi credentials,...

OpenAI Data Breach – Threat Actor Allegedly Claims 20 Million Logins for Sale

Threat actors from dark web forums claim to have stolen and leaked 20 million...

Globe Life Ransomware Attack Exposes Personal and Health Data of 850,000+ Users

Globe Life Inc., a prominent insurance provider, has confirmed a major data breach that...